Posted: 16 Min Read Threat Intelligence

Microsoft Patch Tuesday – October 2018

This month the vendor has patched 49 vulnerabilities, 12 of which are rated Critical.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the October 2018 releases can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance


This month's update covers vulnerabilities in:

  • Internet Explorer
  • Microsoft Edge
  • Microsoft Office
  • Microsoft Azure
  • Microsoft Windows
  • Microsoft SQL Server Management Studio
  • ChakraCore
  • Microsoft Windows Hyper-V


The following is a breakdown of the issues being addressed this month:

  1. Cumulative Security Update for Microsoft Browsers

    Microsoft Edge Memory Corruption Vulnerability (CVE-2018-8473) MS Rating: Critical

    A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. This vulnerability may corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Internet Explorer Memory Corruption Vulnerability (CVE-2018-8491) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2018-8500) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8505) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Microsoft Edge Memory Corruption Vulnerability (CVE-2018-8509) MS Rating: Critical

    A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. This vulnerability may corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8510) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8511) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8513) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Internet Explorer Memory Corruption Vulnerability (CVE-2018-8460) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Microsoft Edge Security Bypass Vulnerability (CVE-2018-8512) MS Rating: Important

    A security bypass vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker who exploited the bypass could trick a user into loading a page containing malicious content. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Microsoft Edge Security Bypass Vulnerability (CVE-2018-8530) MS Rating: Important

    A security bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins. The vulnerability allows Microsoft Edge to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8503) MS Rating: Low

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

  2. Cumulative Security Update for Microsoft Office

    Microsoft Exchange Remote Code Execution Vulnerability (CVE-2018-8265) MS Rating: Important

    A remote code execution vulnerability exists in the way Microsoft Exchange software parses specially crafted email messages. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the system user.

     

    Microsoft Exchange Server Privilege Escalation Vulnerability (CVE-2018-8448) MS Rating: Important

    A privilege escalation vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests. An attacker who successfully exploited this vulnerability could perform script/content injection attacks and attempt to trick the user into disclosing sensitive information.

     

    Microsoft SharePoint Privilee Escalation Vulnerability (CVE-2018-8480) MS Rating: Important

    A privilege escalation vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

     

    Microsoft SharePoint Privilege Escalation Vulnerability (CVE-2018-8488) MS Rating: Important

    A privilege escalation vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

     

    Microsoft SharePoint Privilege Escalation Vulnerability (CVE-2018-8498) MS Rating: Important

    A privilege escalation vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

     

    Microsoft PowerPoint Security Bypass Vulnerability (CVE-2018-8501) MS Rating: Important

    A security bypass vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in Protected View. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

     

    Microsoft Excel Security Bypass Vulnerability (CVE-2018-8502) MS Rating: Important

    A security bypass vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in Protected View. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

     

    Microsoft Word Remote Code Execution Vulnerability (CVE-2018-8504) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Word software when the software fails to properly handle objects in Protected View. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

     

    Microsoft SharePoint Privilege Escalation Vulnerability (CVE-2018-8518) MS Rating: Important

    A privilege escalation vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

     

  3. Cumulative Security Update for Microsoft Azure

    Azure IoT Device Client SDK Memory Corruption Vulnerability (CVE-2018-8531) MS Rating: Important

    A remote code execution vulnerability exists in the way that Azure IoT Hub Device Client SDK using MQTT protocol accesses objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user.

     

  4. Cumulative Security Update for Microsoft Windows Kernel

    Win32k Privilege Escalation Vulnerability (CVE-2018-8453) MS Rating: Important

    A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

     

    Windows Kernel Privilege Escalation Vulnerability (CVE-2018-8497) MS Rating: Important

    A privilege escalation vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

     

    Windows Kernel Information Disclosure Vulnerability (CVE-2018-8330) MS Rating: Important

    An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.

     

  5. Cumulative Security Update for Microsoft Windows

    MS XML Remote Code Execution Vulnerability (CVE-2018-8494) MS Rating: Critical

    A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user's system.

     

    MFC Insecure Library Loading Vulnerability (CVE-2010-3190) MS Rating: Moderate

    A remote code execution vulnerability exists in the way that certain applications built using Microsoft Foundation Classes (MFC) handle the loading of DLL files. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

     

    Windows DNS Security Bypass Vulnerability (CVE-2018-8320) MS Rating: Important

    A security bypass vulnerability exists in DNS Global Blocklist feature. An attacker who successfully exploited this vulnerability could redirect traffic to malicious DNS endpoints.

     

    Linux On Windows Privilege Escalation Vulnerability (CVE-2018-8329) MS Rating: Important

    A privilege escalation vulnerability exists in Windows Subsystem for Linux when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code and take control of an affected system.

     

    Microsoft Filter Manager Privilege Escalation Vulnerability (CVE-2018-8333) MS Rating: Important

    A privilege escalation vulnerability exists in Filter Manager when it improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute elevated code and take control of an affected system.

     

    NTFS Privilege Escalation Vulnerability (CVE-2018-8411) MS Rating: Important

    A privilege escalation vulnerability exists when NTFS improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

     

    Windows Theme API Remote Code Execution Vulnerability (CVE-2018-8413) MS Rating: Important

    A remote code execution vulnerability exists when "Windows Theme API" does not properly decompress files. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

     

    Microsoft JET Database Engine Remote Code Execution Vulnerability (CVE-2018-8423) MS Rating: Important

    A remote code execution vulnerability exists in the Microsoft JET Database Engine. An attacker who successfully exploited this vulnerability could take control of an affected system.

     

    Microsoft Graphics Components Information Disclosure Vulnerability (CVE-2018-8427) MS Rating: Important

    An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information that could be useful for further exploitation.

     

    Microsoft Graphics Components Remote Code Execution Vulnerability (CVE-2018-8432) MS Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system.

     

    Windows GDI Information Disclosure Vulnerability (CVE-2018-8472) MS Rating: Important

    An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability.

     

    Windows Media Player Information Disclosure Vulnerability (CVE-2018-8481) MS Rating: Important

    An information disclosure vulnerability exists when Windows Media Player improperly discloses file information. Successful exploitation of the vulnerability could allow an attacker to determine the presence of files on disk.

     

    Windows Media Player Information Disclosure Vulnerability (CVE-2018-8482) MS Rating: Important

    An information disclosure vulnerability exists when Windows Media Player improperly discloses file information. Successful exploitation of the vulnerability could allow an attacker to determine the presence of files on disk.

     

    DirectX Graphics Kernel Privilege Escalation Vulnerability (CVE-2018-8484) MS Rating: Important

    A privilege escalation vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

     

    DirectX Information Disclosure Vulnerability (CVE-2018-8486) MS Rating: Important

    An information disclosure vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.

     

    Device Guard Code Integrity Policy Security Bypass Vulnerability (CVE-2018-8492) MS Rating: Important

    A security bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine.

     

    Windows TCP/IP Information Disclosure Vulnerability (CVE-2018-8493) MS Rating: Important

    An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.

     

    Windows Shell Remote Code Execution Vulnerability (CVE-2018-8495) MS Rating: Important

    A remote code execution vulnerability exists when Windows Shell improperly handles URIs. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.

     

    Microsoft Windows Codecs Library Information Disclosure Vulnerability (CVE-2018-8506)MS Rating: Important

    An Information Disclosure vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.

     

  6. Cumulative Security Update for Microsoft SQL Server Management Studio

    SQL Server Management Studio Information Disclosure (CVE-2018-8527) MS Rating: Important

    An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XEL file containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity declaration.

     

    SQL Server Management Studio Information Disclosure (CVE-2018-8532) MS Rating: Important

    An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XMLA file containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity declaration.

     

    SQL Server Management Studio Information Disclosure (CVE-2018-8533) MS Rating: Moderate

    An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing malicious XML content containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity declaration.

     

  7. Cumulative Security Update for Microsoft Windows Hyper-V

    Windows Hyper-V Remote Code Execution Vulnerability (CVE-2018-8489) MS Rating: Critical

    A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. An attacker who successfully exploited this issue by running specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.

     

    Windows Hyper-V Remote Code Execution Vulnerability (CVE-2018-8490) MS Rating: Critical

    A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. An attacker who successfully exploited this issue by running specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.

     

More information is available on Symantec's free Security Center portal and to our customers through the DeepSight Threat Management System.

About the Author

Ratheesh PM

Sr Threat Analysis Engineer

Ratheesh is a member of Symantec's Cyber Security Services organization which provides round-the-clock monitoring and protection services against cyber attacks.

Want to comment on this post?

We encourage you to share your thoughts on your favorite social platform.